Hi All,

We're having problems setting up ftp and authenticating against the postgres database.

We've reviewed these pages and a few others: Galaxy Page: https://wiki.galaxyproject.org/Admin/Config/UploadviaFTP

Peter Briggs Blog Post: http://galacticengineer.blogspot.co.uk/2015/02/ftp-upload-to-galaxy-using-pr...

Ricardo Perez's Galaxy Developers thread that Peter referenced: http://dev.list.galaxyproject.org/ProFTPD-integration-with-Galaxy-td4660295....

When we run proftpd in debug mode we get similar output to the one in Ricardo's thread:

Ricardo's command line output: login002 proftpd[987] login002 (10.28.56.101[10.28.56.101]): mod_sql_passwd/0.4: expected 'PBKDF2$sha256$10000$8h/4HmD1Eu6NTc7F$Slb1H5a9YJvR6A3cUnZCUfh7tOWKfRuh', got 'cc0ef515d684386aaa500bf6499d9f512dfb332c'

Our output: 2016-04-20 10:53:42,597 pcegalaxy proftpd[18649] pcegalaxy.ci.northwestern.edu (lagunitas.kelleher.northwestern.edu[129.105.112.217]): mod_sql_passwd/0.7: expected 'NMmACzgvs8Oh+BCnSw+2GFxpYl7cLiQu', got 'g3L81voHwAEh8y0B9qBImZycWgS0w4Z4'

From looking at the galaxy_user table, it seems like proftpd is finding the correct password information (password in table: PBKDF2$sha256$10000$kgyVpO6N2rWAbeX6$NMmACzgvs8Oh+BCnSw+2GFxpYl7cLiQu).

The last post from that thread mentions back-channel advice that was helpful. Maybe we need the same advice ?

In case it's important we're using LDAP for our general user authentication.

Here is our proftpd.conf: ServerName "Galaxy FTP File Upload" ServerType standalone DefaultServer on PidFile /opt/apps/proftpd/1.3.5/var/proftpd.pid

# Port 21 is the standard FTP port. Port 21

# Don't use IPv6 support by default. UseIPv6 off

# Umask 022 is a good standard umask to prevent new dirs and files # from being group and world writable. Umask 077

# To prevent DoS attacks, set the maximum number of child processes # to 30. If you need to allow more than 30 concurrent connections # at once, simply increase this value. Note that this ONLY works # in standalone mode, in inetd mode you should use an inetd server # that allows you to limit maximum number of processes per service # (such as xinetd). MaxInstances 30

# Set the user and group under which the server will run. User nobody Group nobody

# To cause every FTP user to be "jailed" (chrooted) into their home # directory, uncomment this line. DefaultRoot ~

# Automatically create home directory if it doesn't exist CreateHome on dirmode 700

# Allow users to overwrite their files AllowOverwrite on

# Allow users to resume interrupted uploads AllowStoreRestart on

# Bar use of SITE CHMOD by default <Limit SITE_CHMOD> DenyAll </Limit>

# Bar use of RETR (download) since this is not a public file drop <Limit RETR> DenyAll </Limit>

# Do not authenticate against real (system) users AuthPAM off

## Set up mod_sql_password - Galaxy passwords are stored as hex-encoded SHA1 SQLPasswordEngine on

## Set this if Galaxy user UID and/or GID are less than 999 SQLMinID 400

## Configuration that handles PBKDF2 encryption ## Set up mod_sql to authenticate against the Galaxy database SQLEngine on SQLBackend postgres

SQLConnectInfo galaxy_db@localhost:5432 <USERNAME> <PASSWORD> SQLAuthTypes PBKDF2 SQLPasswordPBKDF2 SHA256 10000 24 SQLPasswordEncoding base64 SQLAuthenticate users

## For PBKDF2 authentication SQLPasswordUserSalt sql:/GetUserSalt

## Define a custom query for lookup that returns a passwd-like entry for PBKFD2 ## UID and GID should match your Galaxy user. SQLUserInfo custom:/LookupGalaxyUser SQLNamedQuery LookupGalaxyUser SELECT "email, (CASE WHEN substring(password from 1 for 6) = 'PBKDF2' THEN substring(password from 38 for 69) ELSE password END) AS password2,400,400,'/share/PCEitAdmin/Galaxy/external_users/%U','/bin/bash' FROM galaxy_user WHERE email='%U'"

## Define custom query to fetch the password salt SQLNamedQuery GetUserSalt SELECT "(CASE WHEN SUBSTRING (password from 1 for 6) = 'PBKDF2' THEN SUBSTRING (password from 21 for 16) END) AS salt FROM galaxy_user WHERE email='%U'"

Any advice would be great.

Thanks,

Joe Greer Northwestern University